For additional information, refer to these resources:

■ Cisco Systems, Inc., Configuring Port Security: r09186a008019d0de.html

■ Cisco Systems, Inc., SAFE Layer 2 Security In-depth Version 2: _paper09186a008014870f.shtml

■ Cisco Systems, Inc., Configuring 802.1X Port-Based Authentication: guide_chapter09186a00800d84b9.html

■ Cisco Systems, Inc., VLAN Security White Paper: 08013159f.shtml

■ Cisco Systems, Inc., Configuring Private VLANs (4500 series):

■ Cisco Systems, Inc., Understanding and Configuring DHCP Snooping: chapter09186a00800dde9f.html#30724

■ Cisco Systems, Inc., Configuring DAI (4500): _chapter09186a008019d0ca.html

8-98 Building Cisco Multilayer Switched Networks (BCMSN) v3.0 © 2006 Cisco Systems, Inc.

Use the questions here to review what you learned in this module. The correct answers and solutions are found in the Module Self-Check Answer Key.

Q1) Which feature supported on Cisco Catalyst switches restricts a switch port to a specific set or number of MAC addresses? (Source: Understanding Switch Security Issues)

A) port security

B) DHCP snooping



Q2) What is one best practice to mitigate VLAN hopping? (Source: Protecting Against VLAN Attacks)

A) configure all unused ports as trunks

B) shut down all unused ports

C) set trunks to "negotiate" and not "on"

D) set the interface speed to 10 Mbps

Q3) What are three ways to protect against spoofing attacks? (Source: Protecting Against Spoof Attacks)

Q4) Which two options are valid for improving STP security? (Choose two.) (Source: Describing STP Security Mechanisms)

A) BPDU guard

B) MAC filtering

C) root guard


Q5) Which two features apply to loop guard? (Choose two.) (Source: Preventing STP Forwarding Loops)

A) It allows a blocked port in a physically redundant topology to stop receiving BPDUs.

B) It provides additional protection against Layer 2 STP loops.

C) It moves ports into the STP loop-inconsistent state if BPDUs are not received on a nondesignated port.

D) It enables the blocking port to move to a forwarding state.

Q6) To provide secure, strong authentication and secure communications over insecure channels, instead of Telnet, use ______. (Source: Securing Network Switches)

© 2006 Cisco Systems, Inc. Minimizing Service Loss and Data Theft in a Campus Network 8-99
